About ESET:
ESET is an IT security company headquartered in Bratislava, Slovakia that was founded in 1992 by the merger of two private companies. The company is privately held and has branch offices in San Diego, California; Wexford, Ireland; London, United Kingdom; Buenos Aires, Argentina; Prague, Czech Republic and Kraków, Poland.
Vulnerable website: www.eset.com.tw to MySQL Injection.
Main Informations:
* Version : 5.0.45
* Database: nod32twnew
* Datadir : /var/lib/mysql/
* User : root@localhost
Databases:
* information_schema
* mysql
* nod32twnew
Tables from main database:
* article
* category
* enterprise_apply
* estore_product
* estore_product_20100106
* estore_product_category
* estore_product_category_20100106
* estore_product_copy
* faq_category
* faq_category_detail
* game3
* manager
* nodtwflash1
* register
* regkeyreplace
* trial30
* updates
We have permission to access mysql.user accounts:
MySQL.user account:
* root : 4e3401b911c2ca0b
Accounts from manager table:
* admin : ^NOD*@(TW)P*$%
* editor : ^@NODTW@32!$
* nod32@tw : $P#^NOD@
* soman : P!@#SO@NODTW
The accounts are in plain-text... great!
Now some keys from "regkeyreplace":
* J102-grq25tzvs:J112-j9gqmgqed
* J102-hexnvsv8c:J112-7sraae78y
* J102-hmgw425hv:J112-4x9aeh3hv
* J102-nbh4756dv:J112-838b6evk6
* J102-qcd67aymf:J112-73fx6g8kp
* J102-qg7zmmkjt:J112-apawrmph4
* J102-r4hc5tzy6:J112-wk6xhhay9
* J102-sppc32fvc:J112-jkx97dkew
* J102-wpyxhgvks:J112-5ghmjd9b5
* ...
~Verry simple!
Other webservers of ESET NOD32 hacked: NOD32 Hong Kong & NOD32 Romania
Không có nhận xét nào:
Đăng nhận xét